Mutual Restricted Identification
Lucjan Hanzlik, Kamil Kluczniak, Lukasz Krzywiecki, Miroslaw Kutylowski
Wroclaw University of Technology
We extend the idea of Restricted Identification deployed in personal identity documents in Germany.
Our protocol, Mutual Restricted Authentication (MRI for short), is designed for direct anonymous
authentication between users who belong to the same domain (also called a sector).
MRI requires only one private key per user. Still, there are no limitations on which domains
a user may belong to, and the domains are not fixed in advance. This enables implementation of MRI
when only strictly limited secure memory is available (as on smart cards). MRI guarantees that
a user has exactly one identity within a domain, while the identities from different domains
of the same user are not linkable. The main difference between RI and MRI is that in the case of MRI
the privacy of both participants is protected, while in the case of RI the terminal is fully exposed.
The protocol is efficient, extremely simple (in particular, it outperforms RI) and well suited
for implementation on resource-limited devices such as smart cards.
(accepted for EuroPKI 2013)